Merge branch 'master' into systemd-notify
This commit is contained in:
commit
406eeb6c5e
6
.github/governance.yml
vendored
6
.github/governance.yml
vendored
|
@ -42,7 +42,7 @@ issue:
|
||||||
3. Check [Releases](https://github.com/crowdsecurity/crowdsec/releases/latest) to make sure your agent is on the latest version.
|
3. Check [Releases](https://github.com/crowdsecurity/crowdsec/releases/latest) to make sure your agent is on the latest version.
|
||||||
|
|
||||||
- prefix: kind
|
- prefix: kind
|
||||||
list: ['feature', 'bug', 'packaging', 'enhancement']
|
list: ['feature', 'bug', 'packaging', 'enhancement', 'refactoring']
|
||||||
multiple: false
|
multiple: false
|
||||||
author_association:
|
author_association:
|
||||||
author: true
|
author: true
|
||||||
|
@ -54,6 +54,7 @@ issue:
|
||||||
@$AUTHOR: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.
|
@$AUTHOR: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.
|
||||||
* `/kind feature`
|
* `/kind feature`
|
||||||
* `/kind enhancement`
|
* `/kind enhancement`
|
||||||
|
* `/kind refactoring`
|
||||||
* `/kind bug`
|
* `/kind bug`
|
||||||
* `/kind packaging`
|
* `/kind packaging`
|
||||||
|
|
||||||
|
@ -65,12 +66,13 @@ pull_request:
|
||||||
labels:
|
labels:
|
||||||
- prefix: kind
|
- prefix: kind
|
||||||
multiple: false
|
multiple: false
|
||||||
list: [ 'feature', 'enhancement', 'fix', 'chore', 'dependencies']
|
list: [ 'feature', 'enhancement', 'fix', 'chore', 'dependencies', 'refactoring']
|
||||||
needs:
|
needs:
|
||||||
comment: |
|
comment: |
|
||||||
@$AUTHOR: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.
|
@$AUTHOR: There are no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.
|
||||||
* `/kind feature`
|
* `/kind feature`
|
||||||
* `/kind enhancement`
|
* `/kind enhancement`
|
||||||
|
* `/kind refactoring`
|
||||||
* `/kind fix`
|
* `/kind fix`
|
||||||
* `/kind chore`
|
* `/kind chore`
|
||||||
* `/kind dependencies`
|
* `/kind dependencies`
|
||||||
|
|
|
@ -37,17 +37,10 @@ linters-settings:
|
||||||
statements: 122
|
statements: 122
|
||||||
|
|
||||||
govet:
|
govet:
|
||||||
enable:
|
enable-all: true
|
||||||
- atomicalign
|
disable:
|
||||||
- deepequalerrors
|
- reflectvaluecompare
|
||||||
# TODO: - fieldalignment
|
- fieldalignment
|
||||||
- findcall
|
|
||||||
- nilness
|
|
||||||
# TODO: - reflectvaluecompare
|
|
||||||
- shadow
|
|
||||||
- sortslice
|
|
||||||
- timeformat
|
|
||||||
- unusedwrite
|
|
||||||
|
|
||||||
lll:
|
lll:
|
||||||
# lower this after refactoring
|
# lower this after refactoring
|
||||||
|
@ -147,37 +140,40 @@ linters:
|
||||||
#
|
#
|
||||||
# DEPRECATED by golangi-lint
|
# DEPRECATED by golangi-lint
|
||||||
#
|
#
|
||||||
- deadcode # The owner seems to have abandoned the linter. Replaced by unused.
|
- deadcode
|
||||||
- exhaustivestruct # The owner seems to have abandoned the linter. Replaced by exhaustruct.
|
- exhaustivestruct
|
||||||
- golint # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
|
- golint
|
||||||
- ifshort # Checks that your code uses short syntax for if-statements whenever possible
|
- ifshort
|
||||||
- interfacer # Linter that suggests narrower interface types
|
- interfacer
|
||||||
- maligned # Tool to detect Go structs that would take less memory if their fields were sorted
|
- maligned
|
||||||
- nosnakecase # nosnakecase is a linter that detects snake case of variable naming and function name.
|
- nosnakecase
|
||||||
- scopelint # Scopelint checks for unpinned variables in go programs
|
- scopelint
|
||||||
- structcheck # The owner seems to have abandoned the linter. Replaced by unused.
|
- structcheck
|
||||||
- varcheck # The owner seems to have abandoned the linter. Replaced by unused.
|
- varcheck
|
||||||
|
|
||||||
#
|
#
|
||||||
# Enabled
|
# Enabled
|
||||||
#
|
#
|
||||||
|
|
||||||
# - asasalint # check for pass []any as any in variadic func(...any)
|
# - asasalint # check for pass []any as any in variadic func(...any)
|
||||||
# - asciicheck # Simple linter to check that your code does not contain non-ASCII identifiers
|
# - asciicheck # checks that all code identifiers does not have non-ASCII symbols in the name
|
||||||
# - bidichk # Checks for dangerous unicode character sequences
|
# - bidichk # Checks for dangerous unicode character sequences
|
||||||
# - bodyclose # checks whether HTTP response body is closed successfully
|
# - bodyclose # checks whether HTTP response body is closed successfully
|
||||||
|
# - copyloopvar # copyloopvar is a linter detects places where loop variables are copied
|
||||||
# - cyclop # checks function and package cyclomatic complexity
|
# - cyclop # checks function and package cyclomatic complexity
|
||||||
# - decorder # check declaration order and count of types, constants, variables and functions
|
# - decorder # check declaration order and count of types, constants, variables and functions
|
||||||
# - depguard # Go linter that checks if package imports are in a list of acceptable packages
|
# - depguard # Go linter that checks if package imports are in a list of acceptable packages
|
||||||
# - dupword # checks for duplicate words in the source code
|
# - dupword # checks for duplicate words in the source code
|
||||||
# - durationcheck # check for two durations multiplied together
|
# - durationcheck # check for two durations multiplied together
|
||||||
# - errcheck # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
|
# - errcheck # errcheck is a program for checking for unchecked errors in Go code. These unchecked errors can be critical bugs in some cases
|
||||||
# - errorlint # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
|
# - errorlint # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
|
||||||
# - execinquery # execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds
|
# - execinquery # execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds
|
||||||
# - exportloopref # checks for pointers to enclosing loop variables
|
# - exportloopref # checks for pointers to enclosing loop variables
|
||||||
# - funlen # Tool for detection of long functions
|
# - funlen # Tool for detection of long functions
|
||||||
# - ginkgolinter # enforces standards of using ginkgo and gomega
|
# - ginkgolinter # enforces standards of using ginkgo and gomega
|
||||||
|
# - gocheckcompilerdirectives # Checks that go compiler directive comments (//go:) are valid.
|
||||||
# - gochecknoinits # Checks that no init functions are present in Go code
|
# - gochecknoinits # Checks that no init functions are present in Go code
|
||||||
|
# - gochecksumtype # Run exhaustiveness checks on Go "sum types"
|
||||||
# - gocognit # Computes and checks the cognitive complexity of functions
|
# - gocognit # Computes and checks the cognitive complexity of functions
|
||||||
# - gocritic # Provides diagnostics that check for bugs, performance and style issues.
|
# - gocritic # Provides diagnostics that check for bugs, performance and style issues.
|
||||||
# - gocyclo # Computes and checks the cyclomatic complexity of functions
|
# - gocyclo # Computes and checks the cyclomatic complexity of functions
|
||||||
|
@ -185,48 +181,56 @@ linters:
|
||||||
# - gomoddirectives # Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod.
|
# - gomoddirectives # Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod.
|
||||||
# - gomodguard # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
|
# - gomodguard # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
|
||||||
# - goprintffuncname # Checks that printf-like functions are named with `f` at the end
|
# - goprintffuncname # Checks that printf-like functions are named with `f` at the end
|
||||||
# - gosimple # (megacheck): Linter for Go source code that specializes in simplifying a code
|
# - gosimple # (megacheck): Linter for Go source code that specializes in simplifying code
|
||||||
# - govet # (vet, vetshadow): Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
|
# - gosmopolitan # Report certain i18n/l10n anti-patterns in your Go codebase
|
||||||
# - grouper # An analyzer to analyze expression groups.
|
# - govet # (vet, vetshadow): Vet examines Go source code and reports suspicious constructs. It is roughly the same as 'go vet' and uses its passes.
|
||||||
|
# - grouper # Analyze expression groups.
|
||||||
# - importas # Enforces consistent import aliases
|
# - importas # Enforces consistent import aliases
|
||||||
# - ineffassign # Detects when assignments to existing variables are not used
|
# - ineffassign # Detects when assignments to existing variables are not used
|
||||||
# - interfacebloat # A linter that checks the number of methods inside an interface.
|
# - interfacebloat # A linter that checks the number of methods inside an interface.
|
||||||
|
# - intrange # intrange is a linter to find places where for loops could make use of an integer range.
|
||||||
# - lll # Reports long lines
|
# - lll # Reports long lines
|
||||||
|
# - loggercheck # (logrlint): Checks key value pairs for common logger libraries (kitlog,klog,logr,zap).
|
||||||
# - logrlint # Check logr arguments.
|
# - logrlint # Check logr arguments.
|
||||||
# - maintidx # maintidx measures the maintainability index of each function.
|
# - maintidx # maintidx measures the maintainability index of each function.
|
||||||
# - makezero # Finds slice declarations with non-zero initial length
|
# - makezero # Finds slice declarations with non-zero initial length
|
||||||
# - misspell # Finds commonly misspelled English words in comments
|
# - mirror # reports wrong mirror patterns of bytes/strings usage
|
||||||
# - nakedret # Finds naked returns in functions greater than a specified function length
|
# - misspell # Finds commonly misspelled English words
|
||||||
|
# - nakedret # Checks that functions with naked returns are not longer than a maximum size (can be zero).
|
||||||
# - nestif # Reports deeply nested if statements
|
# - nestif # Reports deeply nested if statements
|
||||||
# - nilerr # Finds the code that returns nil even if it checks that the error is not nil.
|
# - nilerr # Finds the code that returns nil even if it checks that the error is not nil.
|
||||||
# - nolintlint # Reports ill-formed or insufficient nolint directives
|
# - nolintlint # Reports ill-formed or insufficient nolint directives
|
||||||
# - nonamedreturns # Reports all named returns
|
# - nonamedreturns # Reports all named returns
|
||||||
# - nosprintfhostport # Checks for misuse of Sprintf to construct a host with port in a URL.
|
# - nosprintfhostport # Checks for misuse of Sprintf to construct a host with port in a URL.
|
||||||
|
# - perfsprint # Checks that fmt.Sprintf can be replaced with a faster alternative.
|
||||||
# - predeclared # find code that shadows one of Go's predeclared identifiers
|
# - predeclared # find code that shadows one of Go's predeclared identifiers
|
||||||
# - reassign # Checks that package variables are not reassigned
|
# - reassign # Checks that package variables are not reassigned
|
||||||
# - rowserrcheck # checks whether Err of rows is checked successfully
|
# - rowserrcheck # checks whether Rows.Err of rows is checked successfully
|
||||||
# - sqlclosecheck # Checks that sql.Rows and sql.Stmt are closed.
|
# - sloglint # ensure consistent code style when using log/slog
|
||||||
# - staticcheck # (megacheck): Staticcheck is a go vet on steroids, applying a ton of static analysis checks
|
# - spancheck # Checks for mistakes with OpenTelemetry/Census spans.
|
||||||
# - testableexamples # linter checks if examples are testable (have an expected output)
|
# - sqlclosecheck # Checks that sql.Rows, sql.Stmt, sqlx.NamedStmt, pgx.Query are closed.
|
||||||
|
# - staticcheck # (megacheck): It's a set of rules from staticcheck. It's not the same thing as the staticcheck binary. The author of staticcheck doesn't support or approve the use of staticcheck as a library inside golangci-lint.
|
||||||
# - tenv # tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
|
# - tenv # tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
|
||||||
|
# - testableexamples # linter checks if examples are testable (have an expected output)
|
||||||
|
# - testifylint # Checks usage of github.com/stretchr/testify.
|
||||||
# - tparallel # tparallel detects inappropriate usage of t.Parallel() method in your Go test codes
|
# - tparallel # tparallel detects inappropriate usage of t.Parallel() method in your Go test codes
|
||||||
# - typecheck # Like the front-end of a Go compiler, parses and type-checks Go code
|
|
||||||
# - unconvert # Remove unnecessary type conversions
|
# - unconvert # Remove unnecessary type conversions
|
||||||
# - unused # (megacheck): Checks Go code for unused constants, variables, functions and types
|
# - unused # (megacheck): Checks Go code for unused constants, variables, functions and types
|
||||||
# - usestdlibvars # A linter that detect the possibility to use variables/constants from the Go standard library.
|
# - usestdlibvars # A linter that detect the possibility to use variables/constants from the Go standard library.
|
||||||
# - wastedassign # wastedassign finds wasted assignment statements.
|
# - wastedassign # Finds wasted assignment statements
|
||||||
|
# - zerologlint # Detects the wrong usage of `zerolog` that a user forgets to dispatch with `Send` or `Msg`
|
||||||
|
|
||||||
#
|
#
|
||||||
# Recommended? (easy)
|
# Recommended? (easy)
|
||||||
#
|
#
|
||||||
|
|
||||||
- dogsled # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
|
- dogsled # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
|
||||||
- errchkjson # Checks types passed to the json encoding functions. Reports unsupported types and optionally reports occations, where the check for the returned error can be omitted.
|
- errchkjson # Checks types passed to the json encoding functions. Reports unsupported types and reports occations, where the check for the returned error can be omitted.
|
||||||
- exhaustive # check exhaustiveness of enum switch statements
|
- exhaustive # check exhaustiveness of enum switch statements
|
||||||
- gci # Gci control golang package import order and make it always deterministic.
|
- gci # Gci control golang package import order and make it always deterministic.
|
||||||
- godot # Check if comments end in a period
|
- godot # Check if comments end in a period
|
||||||
- gofmt # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
|
- gofmt # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
|
||||||
- goimports # In addition to fixing imports, goimports also formats your code in the same style as gofmt.
|
- goimports # Check import statements are formatted according to the 'goimport' command. Reformat imports in autofix mode.
|
||||||
- gosec # (gas): Inspects source code for security problems
|
- gosec # (gas): Inspects source code for security problems
|
||||||
- inamedparam # reports interfaces with unnamed method parameters
|
- inamedparam # reports interfaces with unnamed method parameters
|
||||||
- musttag # enforce field tags in (un)marshaled structs
|
- musttag # enforce field tags in (un)marshaled structs
|
||||||
|
@ -234,7 +238,7 @@ linters:
|
||||||
- protogetter # Reports direct reads from proto message fields when getters should be used
|
- protogetter # Reports direct reads from proto message fields when getters should be used
|
||||||
- revive # Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
|
- revive # Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
|
||||||
- tagalign # check that struct tags are well aligned
|
- tagalign # check that struct tags are well aligned
|
||||||
- thelper # thelper detects golang test helpers without t.Helper() call and checks the consistency of test helpers
|
- thelper # thelper detects tests helpers which is not start with t.Helper() method.
|
||||||
- wrapcheck # Checks that errors returned from external packages are wrapped
|
- wrapcheck # Checks that errors returned from external packages are wrapped
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -242,12 +246,12 @@ linters:
|
||||||
#
|
#
|
||||||
|
|
||||||
- containedctx # containedctx is a linter that detects struct contained context.Context field
|
- containedctx # containedctx is a linter that detects struct contained context.Context field
|
||||||
- contextcheck # check the function whether use a non-inherited context
|
- contextcheck # check whether the function uses a non-inherited context
|
||||||
- errname # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`.
|
- errname # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`.
|
||||||
- gomnd # An analyzer to detect magic numbers.
|
- gomnd # An analyzer to detect magic numbers.
|
||||||
- ireturn # Accept Interfaces, Return Concrete Types
|
- ireturn # Accept Interfaces, Return Concrete Types
|
||||||
- nilnil # Checks that there is no simultaneous return of `nil` error and an invalid value.
|
- nilnil # Checks that there is no simultaneous return of `nil` error and an invalid value.
|
||||||
- noctx # noctx finds sending http request without context.Context
|
- noctx # Finds sending http request without context.Context
|
||||||
- unparam # Reports unused function parameters
|
- unparam # Reports unused function parameters
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -256,8 +260,8 @@ linters:
|
||||||
|
|
||||||
- gofumpt # Gofumpt checks whether code was gofumpt-ed.
|
- gofumpt # Gofumpt checks whether code was gofumpt-ed.
|
||||||
- nlreturn # nlreturn checks for a new line before return and branch statements to increase code clarity
|
- nlreturn # nlreturn checks for a new line before return and branch statements to increase code clarity
|
||||||
- whitespace # Tool for detection of leading and trailing whitespace
|
- whitespace # Whitespace is a linter that checks for unnecessary newlines at the start and end of functions, if, for, etc.
|
||||||
- wsl # Whitespace Linter - Forces you to use empty lines!
|
- wsl # add or remove empty lines
|
||||||
|
|
||||||
#
|
#
|
||||||
# Well intended, but not ready for this
|
# Well intended, but not ready for this
|
||||||
|
@ -265,8 +269,8 @@ linters:
|
||||||
- dupl # Tool for code clone detection
|
- dupl # Tool for code clone detection
|
||||||
- forcetypeassert # finds forced type assertions
|
- forcetypeassert # finds forced type assertions
|
||||||
- godox # Tool for detection of FIXME, TODO and other comment keywords
|
- godox # Tool for detection of FIXME, TODO and other comment keywords
|
||||||
- goerr113 # Golang linter to check the errors handling expressions
|
- goerr113 # Go linter to check the errors handling expressions
|
||||||
- paralleltest # paralleltest detects missing usage of t.Parallel() method in your Go test
|
- paralleltest # Detects missing usage of t.Parallel() method in your Go test
|
||||||
- testpackage # linter that makes you use a separate _test package
|
- testpackage # linter that makes you use a separate _test package
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -274,7 +278,7 @@ linters:
|
||||||
#
|
#
|
||||||
- exhaustruct # Checks if all structure fields are initialized
|
- exhaustruct # Checks if all structure fields are initialized
|
||||||
- forbidigo # Forbids identifiers
|
- forbidigo # Forbids identifiers
|
||||||
- gochecknoglobals # check that no global variables exist
|
- gochecknoglobals # Check that no global variables exist.
|
||||||
- goconst # Finds repeated strings that could be replaced by a constant
|
- goconst # Finds repeated strings that could be replaced by a constant
|
||||||
- stylecheck # Stylecheck is a replacement for golint
|
- stylecheck # Stylecheck is a replacement for golint
|
||||||
- tagliatelle # Checks the struct tags.
|
- tagliatelle # Checks the struct tags.
|
||||||
|
|
|
@ -16,7 +16,7 @@ RUN apk add --no-cache git g++ gcc libc-dev make bash gettext binutils-gold core
|
||||||
cd re2-${RE2_VERSION} && \
|
cd re2-${RE2_VERSION} && \
|
||||||
make install && \
|
make install && \
|
||||||
echo "githubciXXXXXXXXXXXXXXXXXXXXXXXX" > /etc/machine-id && \
|
echo "githubciXXXXXXXXXXXXXXXXXXXXXXXX" > /etc/machine-id && \
|
||||||
go install github.com/mikefarah/yq/v4@v4.40.4
|
go install github.com/mikefarah/yq/v4@v4.43.1
|
||||||
|
|
||||||
COPY . .
|
COPY . .
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ RUN apt-get update && \
|
||||||
make && \
|
make && \
|
||||||
make install && \
|
make install && \
|
||||||
echo "githubciXXXXXXXXXXXXXXXXXXXXXXXX" > /etc/machine-id && \
|
echo "githubciXXXXXXXXXXXXXXXXXXXXXXXX" > /etc/machine-id && \
|
||||||
go install github.com/mikefarah/yq/v4@v4.40.4
|
go install github.com/mikefarah/yq/v4@v4.43.1
|
||||||
|
|
||||||
COPY . .
|
COPY . .
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"slices"
|
"slices"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -10,14 +12,18 @@ import (
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
|
||||||
|
"github.com/crowdsecurity/go-cs-lib/trace"
|
||||||
|
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
|
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/database"
|
"github.com/crowdsecurity/crowdsec/pkg/database"
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/fflag"
|
"github.com/crowdsecurity/crowdsec/pkg/fflag"
|
||||||
)
|
)
|
||||||
|
|
||||||
var ConfigFilePath string
|
var (
|
||||||
var csConfig *csconfig.Config
|
ConfigFilePath string
|
||||||
var dbClient *database.Client
|
csConfig *csconfig.Config
|
||||||
|
dbClient *database.Client
|
||||||
|
)
|
||||||
|
|
||||||
type configGetter func() *csconfig.Config
|
type configGetter func() *csconfig.Config
|
||||||
|
|
||||||
|
@ -82,6 +88,11 @@ func loadConfigFor(command string) (*csconfig.Config, string, error) {
|
||||||
return nil, "", err
|
return nil, "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// set up directory for trace files
|
||||||
|
if err := trace.Init(filepath.Join(config.ConfigPaths.DataDir, "trace")); err != nil {
|
||||||
|
return nil, "", fmt.Errorf("while setting up trace directory: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
return config, merged, nil
|
return config, merged, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"archive/zip"
|
"archive/zip"
|
||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -12,12 +13,14 @@ import (
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/blackfireio/osinfo"
|
"github.com/blackfireio/osinfo"
|
||||||
"github.com/go-openapi/strfmt"
|
"github.com/go-openapi/strfmt"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
|
||||||
|
"github.com/crowdsecurity/go-cs-lib/trace"
|
||||||
"github.com/crowdsecurity/go-cs-lib/version"
|
"github.com/crowdsecurity/go-cs-lib/version"
|
||||||
|
|
||||||
"github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require"
|
"github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require"
|
||||||
|
@ -47,6 +50,7 @@ const (
|
||||||
SUPPORT_CAPI_STATUS_PATH = "capi_status.txt"
|
SUPPORT_CAPI_STATUS_PATH = "capi_status.txt"
|
||||||
SUPPORT_ACQUISITION_CONFIG_BASE_PATH = "config/acquis/"
|
SUPPORT_ACQUISITION_CONFIG_BASE_PATH = "config/acquis/"
|
||||||
SUPPORT_CROWDSEC_PROFILE_PATH = "config/profiles.yaml"
|
SUPPORT_CROWDSEC_PROFILE_PATH = "config/profiles.yaml"
|
||||||
|
SUPPORT_CRASH_PATH = "crash/"
|
||||||
)
|
)
|
||||||
|
|
||||||
// from https://github.com/acarl005/stripansi
|
// from https://github.com/acarl005/stripansi
|
||||||
|
@ -62,7 +66,7 @@ func collectMetrics() ([]byte, []byte, error) {
|
||||||
|
|
||||||
if csConfig.Cscli.PrometheusUrl == "" {
|
if csConfig.Cscli.PrometheusUrl == "" {
|
||||||
log.Warn("No Prometheus URL configured, metrics will not be collected")
|
log.Warn("No Prometheus URL configured, metrics will not be collected")
|
||||||
return nil, nil, fmt.Errorf("prometheus_uri is not set")
|
return nil, nil, errors.New("prometheus_uri is not set")
|
||||||
}
|
}
|
||||||
|
|
||||||
humanMetrics := bytes.NewBuffer(nil)
|
humanMetrics := bytes.NewBuffer(nil)
|
||||||
|
@ -70,7 +74,7 @@ func collectMetrics() ([]byte, []byte, error) {
|
||||||
ms := NewMetricStore()
|
ms := NewMetricStore()
|
||||||
|
|
||||||
if err := ms.Fetch(csConfig.Cscli.PrometheusUrl); err != nil {
|
if err := ms.Fetch(csConfig.Cscli.PrometheusUrl); err != nil {
|
||||||
return nil, nil, fmt.Errorf("could not fetch prometheus metrics: %s", err)
|
return nil, nil, fmt.Errorf("could not fetch prometheus metrics: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := ms.Format(humanMetrics, nil, "human", false); err != nil {
|
if err := ms.Format(humanMetrics, nil, "human", false); err != nil {
|
||||||
|
@ -79,21 +83,21 @@ func collectMetrics() ([]byte, []byte, error) {
|
||||||
|
|
||||||
req, err := http.NewRequest(http.MethodGet, csConfig.Cscli.PrometheusUrl, nil)
|
req, err := http.NewRequest(http.MethodGet, csConfig.Cscli.PrometheusUrl, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("could not create requests to prometheus endpoint: %s", err)
|
return nil, nil, fmt.Errorf("could not create requests to prometheus endpoint: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
client := &http.Client{}
|
client := &http.Client{}
|
||||||
|
|
||||||
resp, err := client.Do(req)
|
resp, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("could not get metrics from prometheus endpoint: %s", err)
|
return nil, nil, fmt.Errorf("could not get metrics from prometheus endpoint: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
body, err := io.ReadAll(resp.Body)
|
body, err := io.ReadAll(resp.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("could not read metrics from prometheus endpoint: %s", err)
|
return nil, nil, fmt.Errorf("could not read metrics from prometheus endpoint: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return humanMetrics.Bytes(), body, nil
|
return humanMetrics.Bytes(), body, nil
|
||||||
|
@ -121,19 +125,18 @@ func collectOSInfo() ([]byte, error) {
|
||||||
log.Info("Collecting OS info")
|
log.Info("Collecting OS info")
|
||||||
|
|
||||||
info, err := osinfo.GetOSInfo()
|
info, err := osinfo.GetOSInfo()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
w := bytes.NewBuffer(nil)
|
w := bytes.NewBuffer(nil)
|
||||||
w.WriteString(fmt.Sprintf("Architecture: %s\n", info.Architecture))
|
fmt.Fprintf(w, "Architecture: %s\n", info.Architecture)
|
||||||
w.WriteString(fmt.Sprintf("Family: %s\n", info.Family))
|
fmt.Fprintf(w, "Family: %s\n", info.Family)
|
||||||
w.WriteString(fmt.Sprintf("ID: %s\n", info.ID))
|
fmt.Fprintf(w, "ID: %s\n", info.ID)
|
||||||
w.WriteString(fmt.Sprintf("Name: %s\n", info.Name))
|
fmt.Fprintf(w, "Name: %s\n", info.Name)
|
||||||
w.WriteString(fmt.Sprintf("Codename: %s\n", info.Codename))
|
fmt.Fprintf(w, "Codename: %s\n", info.Codename)
|
||||||
w.WriteString(fmt.Sprintf("Version: %s\n", info.Version))
|
fmt.Fprintf(w, "Version: %s\n", info.Version)
|
||||||
w.WriteString(fmt.Sprintf("Build: %s\n", info.Build))
|
fmt.Fprintf(w, "Build: %s\n", info.Build)
|
||||||
|
|
||||||
return w.Bytes(), nil
|
return w.Bytes(), nil
|
||||||
}
|
}
|
||||||
|
@ -163,7 +166,7 @@ func collectBouncers(dbClient *database.Client) ([]byte, error) {
|
||||||
|
|
||||||
bouncers, err := dbClient.ListBouncers()
|
bouncers, err := dbClient.ListBouncers()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to list bouncers: %s", err)
|
return nil, fmt.Errorf("unable to list bouncers: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
getBouncersTable(out, bouncers)
|
getBouncersTable(out, bouncers)
|
||||||
|
@ -176,7 +179,7 @@ func collectAgents(dbClient *database.Client) ([]byte, error) {
|
||||||
|
|
||||||
machines, err := dbClient.ListMachines()
|
machines, err := dbClient.ListMachines()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to list machines: %s", err)
|
return nil, fmt.Errorf("unable to list machines: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
getAgentsTable(out, machines)
|
getAgentsTable(out, machines)
|
||||||
|
@ -264,6 +267,11 @@ func collectAcquisitionConfig() map[string][]byte {
|
||||||
return ret
|
return ret
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func collectCrash() ([]string, error) {
|
||||||
|
log.Info("Collecting crash dumps")
|
||||||
|
return trace.List()
|
||||||
|
}
|
||||||
|
|
||||||
type cliSupport struct{}
|
type cliSupport struct{}
|
||||||
|
|
||||||
func NewCLISupport() *cliSupport {
|
func NewCLISupport() *cliSupport {
|
||||||
|
@ -431,11 +439,31 @@ cscli support dump -f /tmp/crowdsec-support.zip
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
crash, err := collectCrash()
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("could not collect crash dumps: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, filename := range crash {
|
||||||
|
content, err := os.ReadFile(filename)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("could not read crash dump %s: %s", filename, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
infos[SUPPORT_CRASH_PATH+filepath.Base(filename)] = content
|
||||||
|
}
|
||||||
|
|
||||||
w := bytes.NewBuffer(nil)
|
w := bytes.NewBuffer(nil)
|
||||||
zipWriter := zip.NewWriter(w)
|
zipWriter := zip.NewWriter(w)
|
||||||
|
|
||||||
for filename, data := range infos {
|
for filename, data := range infos {
|
||||||
fw, err := zipWriter.Create(filename)
|
header := &zip.FileHeader{
|
||||||
|
Name: filename,
|
||||||
|
Method: zip.Deflate,
|
||||||
|
// TODO: retain mtime where possible (esp. trace)
|
||||||
|
Modified: time.Now(),
|
||||||
|
}
|
||||||
|
fw, err := zipWriter.CreateHeader(header)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Could not add zip entry for %s: %s", filename, err)
|
log.Errorf("Could not add zip entry for %s: %s", filename, err)
|
||||||
continue
|
continue
|
||||||
|
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
_ "net/http/pprof"
|
_ "net/http/pprof"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"runtime"
|
"runtime"
|
||||||
"runtime/pprof"
|
"runtime/pprof"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -14,6 +15,8 @@ import (
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"gopkg.in/tomb.v2"
|
"gopkg.in/tomb.v2"
|
||||||
|
|
||||||
|
"github.com/crowdsecurity/go-cs-lib/trace"
|
||||||
|
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/acquisition"
|
"github.com/crowdsecurity/crowdsec/pkg/acquisition"
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
|
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
|
||||||
"github.com/crowdsecurity/crowdsec/pkg/csplugin"
|
"github.com/crowdsecurity/crowdsec/pkg/csplugin"
|
||||||
|
@ -96,8 +99,8 @@ func LoadBuckets(cConfig *csconfig.Config, hub *cwhub.Hub) error {
|
||||||
buckets = leakybucket.NewBuckets()
|
buckets = leakybucket.NewBuckets()
|
||||||
|
|
||||||
log.Infof("Loading %d scenario files", len(files))
|
log.Infof("Loading %d scenario files", len(files))
|
||||||
holders, outputEventChan, err = leakybucket.LoadBuckets(cConfig.Crowdsec, hub, files, &bucketsTomb, buckets, flags.OrderEvent)
|
|
||||||
|
|
||||||
|
holders, outputEventChan, err = leakybucket.LoadBuckets(cConfig.Crowdsec, hub, files, &bucketsTomb, buckets, flags.OrderEvent)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("scenario loading failed: %w", err)
|
return fmt.Errorf("scenario loading failed: %w", err)
|
||||||
}
|
}
|
||||||
|
@ -230,6 +233,10 @@ func LoadConfig(configFile string, disableAgent bool, disableAPI bool, quiet boo
|
||||||
return nil, fmt.Errorf("while loading configuration file: %w", err)
|
return nil, fmt.Errorf("while loading configuration file: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err := trace.Init(filepath.Join(cConfig.ConfigPaths.DataDir, "trace")); err != nil {
|
||||||
|
return nil, fmt.Errorf("while setting up trace directory: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
cConfig.Common.LogLevel = newLogLevel(cConfig.Common.LogLevel, flags)
|
cConfig.Common.LogLevel = newLogLevel(cConfig.Common.LogLevel, flags)
|
||||||
|
|
||||||
if dumpFolder != "" {
|
if dumpFolder != "" {
|
||||||
|
|
|
@ -416,6 +416,7 @@ func Serve(cConfig *csconfig.Config, agentReady chan bool) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if cConfig.Common != nil && cConfig.Common.Daemonize {
|
if cConfig.Common != nil && cConfig.Common.Daemonize {
|
||||||
|
csdaemon.Notify(csdaemon.Ready, log.StandardLogger())
|
||||||
// wait for signals
|
// wait for signals
|
||||||
return HandleSignals(cConfig)
|
return HandleSignals(cConfig)
|
||||||
}
|
}
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -27,7 +27,7 @@ require (
|
||||||
github.com/corazawaf/libinjection-go v0.1.2
|
github.com/corazawaf/libinjection-go v0.1.2
|
||||||
github.com/crowdsecurity/coraza/v3 v3.0.0-20240108124027-a62b8d8e5607
|
github.com/crowdsecurity/coraza/v3 v3.0.0-20240108124027-a62b8d8e5607
|
||||||
github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26
|
github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26
|
||||||
github.com/crowdsecurity/go-cs-lib v0.0.7
|
github.com/crowdsecurity/go-cs-lib v0.0.10
|
||||||
github.com/crowdsecurity/grokky v0.2.1
|
github.com/crowdsecurity/grokky v0.2.1
|
||||||
github.com/crowdsecurity/machineid v1.0.2
|
github.com/crowdsecurity/machineid v1.0.2
|
||||||
github.com/davecgh/go-spew v1.1.1
|
github.com/davecgh/go-spew v1.1.1
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -102,8 +102,8 @@ github.com/crowdsecurity/coraza/v3 v3.0.0-20240108124027-a62b8d8e5607 h1:hyrYw3h
|
||||||
github.com/crowdsecurity/coraza/v3 v3.0.0-20240108124027-a62b8d8e5607/go.mod h1:br36fEqurGYZQGit+iDYsIzW0FF6VufMbDzyyLxEuPA=
|
github.com/crowdsecurity/coraza/v3 v3.0.0-20240108124027-a62b8d8e5607/go.mod h1:br36fEqurGYZQGit+iDYsIzW0FF6VufMbDzyyLxEuPA=
|
||||||
github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26 h1:r97WNVC30Uen+7WnLs4xDScS/Ex988+id2k6mDf8psU=
|
github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26 h1:r97WNVC30Uen+7WnLs4xDScS/Ex988+id2k6mDf8psU=
|
||||||
github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26/go.mod h1:zpv7r+7KXwgVUZnUNjyP22zc/D7LKjyoY02weH2RBbk=
|
github.com/crowdsecurity/dlog v0.0.0-20170105205344-4fb5f8204f26/go.mod h1:zpv7r+7KXwgVUZnUNjyP22zc/D7LKjyoY02weH2RBbk=
|
||||||
github.com/crowdsecurity/go-cs-lib v0.0.7 h1:VbO5WucIc/PO2v6VXWQqwsvRjBu8SVlptIpSzLinG9c=
|
github.com/crowdsecurity/go-cs-lib v0.0.10 h1:Twt/y/rYCUspGY1zxDnGurL2svRSREAz+2+puLepd9c=
|
||||||
github.com/crowdsecurity/go-cs-lib v0.0.7/go.mod h1:8FMKNGsh3hMZi2SEv6P15PURhEJnZV431XjzzBSuf0k=
|
github.com/crowdsecurity/go-cs-lib v0.0.10/go.mod h1:8FMKNGsh3hMZi2SEv6P15PURhEJnZV431XjzzBSuf0k=
|
||||||
github.com/crowdsecurity/grokky v0.2.1 h1:t4VYnDlAd0RjDM2SlILalbwfCrQxtJSMGdQOR0zwkE4=
|
github.com/crowdsecurity/grokky v0.2.1 h1:t4VYnDlAd0RjDM2SlILalbwfCrQxtJSMGdQOR0zwkE4=
|
||||||
github.com/crowdsecurity/grokky v0.2.1/go.mod h1:33usDIYzGDsgX1kHAThCbseso6JuWNJXOzRQDGXHtWM=
|
github.com/crowdsecurity/grokky v0.2.1/go.mod h1:33usDIYzGDsgX1kHAThCbseso6JuWNJXOzRQDGXHtWM=
|
||||||
github.com/crowdsecurity/machineid v1.0.2 h1:wpkpsUghJF8Khtmn/tg6GxgdhLA1Xflerh5lirI+bdc=
|
github.com/crowdsecurity/machineid v1.0.2 h1:wpkpsUghJF8Khtmn/tg6GxgdhLA1Xflerh5lirI+bdc=
|
||||||
|
|
|
@ -84,11 +84,16 @@ func recoverFromPanic(c *gin.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if brokenPipe {
|
if brokenPipe {
|
||||||
log.Warningf("client %s disconnected : %s", c.ClientIP(), err)
|
log.Warningf("client %s disconnected: %s", c.ClientIP(), err)
|
||||||
c.Abort()
|
c.Abort()
|
||||||
} else {
|
} else {
|
||||||
filename := trace.WriteStackTrace(err)
|
log.Warningf("client %s error: %s", c.ClientIP(), err)
|
||||||
log.Warningf("client %s error : %s", c.ClientIP(), err)
|
|
||||||
|
filename, err := trace.WriteStackTrace(err)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("also while writing stacktrace: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
log.Warningf("stacktrace written to %s, please join to your issue", filename)
|
log.Warningf("stacktrace written to %s, please join to your issue", filename)
|
||||||
c.AbortWithStatus(http.StatusInternalServerError)
|
c.AbortWithStatus(http.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
|
|
10
test/bats.mk
10
test/bats.mk
|
@ -66,11 +66,11 @@ bats-check-requirements: ## Check dependencies for functional tests
|
||||||
@$(TEST_DIR)/bin/check-requirements
|
@$(TEST_DIR)/bin/check-requirements
|
||||||
|
|
||||||
bats-update-tools: ## Install/update tools required for functional tests
|
bats-update-tools: ## Install/update tools required for functional tests
|
||||||
# yq v4.40.4
|
# yq v4.43.1
|
||||||
GOBIN=$(TEST_DIR)/tools go install github.com/mikefarah/yq/v4@1c3d55106075bd37df197b4bc03cb4a413fdb903
|
GOBIN=$(TEST_DIR)/tools go install github.com/mikefarah/yq/v4@c35ec752e38ea0c096d3c44e13cfc0797ac394d8
|
||||||
# cfssl v1.6.4
|
# cfssl v1.6.5
|
||||||
GOBIN=$(TEST_DIR)/tools go install github.com/cloudflare/cfssl/cmd/cfssl@b4d0d877cac528f63db39dfb62d5c96cd3a32a0b
|
GOBIN=$(TEST_DIR)/tools go install github.com/cloudflare/cfssl/cmd/cfssl@96259aa29c9cc9b2f4e04bad7d4bc152e5405dda
|
||||||
GOBIN=$(TEST_DIR)/tools go install github.com/cloudflare/cfssl/cmd/cfssljson@b4d0d877cac528f63db39dfb62d5c96cd3a32a0b
|
GOBIN=$(TEST_DIR)/tools go install github.com/cloudflare/cfssl/cmd/cfssljson@96259aa29c9cc9b2f4e04bad7d4bc152e5405dda
|
||||||
|
|
||||||
# Build and installs crowdsec in a local directory. Rebuilds if already exists.
|
# Build and installs crowdsec in a local directory. Rebuilds if already exists.
|
||||||
bats-build: bats-environment ## Build binaries for functional tests
|
bats-build: bats-environment ## Build binaries for functional tests
|
||||||
|
|
Loading…
Reference in a new issue